PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-5087 Kaleris CVE debrief

CVE-2025-5087 is a medium-severity information-disclosure issue in Kaleris Navis N4. According to the CISA CSAF advisory published on 2025-06-24, the Ultra Light Client (ULC) communicates with N4 servers over plain HTTP, carrying zlib-compressed data. Compression is not encryption: an attacker positioned to capture traffic between ULC clients and N4 servers can inflate the stream and recover sensitive information, including plaintext credentials. Kaleris lists fixed releases for multiple 3.x branches and notes that Navis N4 4.0 replaces the ULC with an HTML UI.

Vendor: Kaleris
Product: Navis N4
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-24
Original CVE updated: 2025-06-24
Advisory published: 2025-06-24
Advisory updated: 2025-06-24

Who should care

Organizations running Kaleris Navis N4, especially deployments where Ultra Light Client traffic may traverse untrusted networks, shared segments, load balancers, or internet-exposed paths. OT and terminal operations teams should care because credential exposure can increase the risk of unauthorized access.

Technical summary

The advisory identifies Kaleris Navis N4 <4.0 as affected. The issue is not code execution; it is a transport-security weakness: ULC communication travels over cleartext HTTP rather than a protected transport such as TLS. The payload is zlib-compressed, but compression provides no confidentiality, so an on-path or passive observer who captures the stream can inflate it and extract sensitive content, including plaintext credentials. The advisory provides vendor fixes for multiple versions and recommends TLS, access restriction, and network controls when immediate upgrading is not possible.
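As an added illustration (example code written for this debrief, not code from the advisory or from Kaleris), the Python below shows what a passive observer can do with one captured ULC-style request: check the RFC 1950 zlib header, inflate the body, and pull out credential-looking fields. The HTTP message, the /ulc path, the JSON field names and the credentials are all constructed stand-ins; the advisory does not describe the real ULC wire format.

```python
import re
import zlib


def build_constructed_capture() -> bytes:
    """Constructed stand-in for a captured ULC-style login request.

    The path, headers, field names and credentials are assumptions made for
    this example; only "zlib-compressed data over plain HTTP" comes from the advisory.
    """
    body = zlib.compress(b'{"user":"n4admin","password":"Tr0ub4dor&3","action":"login"}')
    head = (
        b"POST /ulc HTTP/1.1\r\n"             # placeholder path, not the real ULC URL
        b"Host: n4.example.invalid\r\n"
        b"Content-Type: application/octet-stream\r\n"
    )
    return head + b"Content-Length: %d\r\n\r\n" % len(body) + body


def split_http(raw: bytes) -> tuple:
    """Split one HTTP message into (headers, body) at the first blank line."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("not a complete HTTP message")
    return head, body


def looks_like_zlib(data: bytes) -> bool:
    """RFC 1950 header test: CM=8 (deflate) and (CMF*256 + FLG) % 31 == 0."""
    return len(data) >= 2 and (data[0] & 0x0F) == 8 and ((data[0] << 8) | data[1]) % 31 == 0


def recover_secrets(raw: bytes) -> dict:
    """What a passive observer does with one captured message: inflate, then grep."""
    _, body = split_http(raw)
    if not looks_like_zlib(body):
        return {}
    plain = zlib.decompress(body).decode("utf-8", "replace")
    # Crude harvesting of JSON-style fields with secret-looking names.
    pattern = r'"(username|user|password|passwd|token)"\s*:\s*"([^"]*)"'
    return {key: val for key, val in re.findall(pattern, plain)}


if __name__ == "__main__":
    print(recover_secrets(build_constructed_capture()))
```

The point of the exercise is that no key or trick is needed: the zlib header is recognisable from two bytes and the inflate call is one line. Terminating the session in TLS at or before the N4 node is what removes this capability, because the observer then sees only ciphertext.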

Defensive priority

Medium overall, but treat as higher priority for any deployment where ULC traffic crosses untrusted or broadly accessible network paths. Credential exposure in OT-facing software can have outsized operational impact even without direct code execution.

Recommended defensive actions

  • Upgrade to a fixed Navis N4 release: 3.1.44+, 3.2.26+, 3.3.27+, 3.4.25+, 3.5.18+, 3.6.14+, 3.7.0+, or 3.8.0+, as applicable.
  • If upgrade is not immediately possible, place N4 behind a firewall and reduce exposure to the internet where feasible.
  • If CAP must be internet-facing, disable the Ultra Light Client on exposed nodes by blocking the documented ULC URL patterns at the load balancer or firewall.
  • Consider disabling the ULC endpoint at the cluster node by updating web.xml and restarting the server, per vendor guidance.
  • If remote access is required, prefer a VPN or authenticated jump host rather than direct exposure; IP allowlisting is a less secure fallback.
  • Ensure HTTPS/TLS is enabled and correctly configured on the load balancer or firewall.
  • Restrict the number of N4 nodes exposed to the internet and use network controls with intrusion and DDoS protection where appropriate.
  • If operationally feasible, migrate to Navis N4 4.0, where the ULC is replaced by the HTML UI.
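To find out where this traffic actually flows before and after applying the controls above, here is an added triage check (example code written for this debrief, not Kaleris tooling): it walks flow records, flags plaintext HTTP flows whose body is a zlib stream, and ranks them by whether the client sits in a trusted segment. The Flow record layout, the trusted CIDR list and the sample flows are constructed assumptions; a real deployment would feed it from a packet capture or flow collector.

```python
import ipaddress
import zlib
from dataclasses import dataclass

# Assumption: the terminal's own client segment. Adjust to your network.
TRUSTED_SEGMENTS = [ipaddress.ip_network("10.20.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """Constructed flow record: one client->server HTTP message per record."""
    src: str
    dst: str
    dport: int
    tls: bool       # True when the capture shows a TLS handshake on this flow
    payload: bytes  # application data: HTTP headers plus the start of the body


def http_body(payload: bytes) -> bytes:
    """Return the body of a plain HTTP request/response, or b'' if not HTTP."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep or not head.startswith((b"GET ", b"POST ", b"PUT ", b"HTTP/1.")):
        return b""
    return body


def is_zlib_stream(data: bytes) -> bool:
    """RFC 1950 check: CM=8 (deflate), header divisible by 31, and inflatable."""
    if len(data) < 2 or (data[0] & 0x0F) != 8 or ((data[0] << 8) | data[1]) % 31 != 0:
        return False
    try:
        zlib.decompressobj().decompress(data)  # truncated streams are fine here
        return True
    except zlib.error:
        return False


def triage(flows, trusted=TRUSTED_SEGMENTS):
    """Flag plaintext HTTP flows carrying zlib bodies; rank by client origin."""
    findings = []
    for f in flows:
        if f.tls or not is_zlib_stream(http_body(f.payload)):
            continue
        src_in_trusted = any(ipaddress.ip_address(f.src) in net for net in trusted)
        findings.append((f.src, f.dst, f.dport, "medium" if src_in_trusted else "high"))
    return findings


def constructed_flows():
    """Four constructed flows: two plaintext ULC-style, one TLS, one plain JSON."""
    zbody = zlib.compress(b'{"user":"n4admin","password":"example"}')
    req = b"POST /ulc HTTP/1.1\r\nHost: n4.example.invalid\r\n\r\n"  # placeholder path
    return [
        Flow("10.20.5.7", "10.20.1.10", 80, False, req + zbody),
        Flow("203.0.113.9", "10.20.1.10", 80, False, req + zbody),
        Flow("10.20.5.8", "10.20.1.10", 443, True, b"\x16\x03\x01"),
        Flow("10.20.5.9", "10.20.1.10", 80, False, req + b'{"status":"ok"}'),
    ]


if __name__ == "__main__":
    for src, dst, port, severity in triage(constructed_flows()):
        print(f"{severity:6} {src} -> {dst}:{port} plaintext HTTP with zlib body")
```

A "high" finding is a client outside the trusted segment reaching N4 over cleartext, which is exactly the exposure the advisory warns about; after TLS is enforced at the load balancer and the ULC URL patterns are blocked on exposed nodes, the check should return nothing for internet-facing paths.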

Evidence notes

The supplied CISA CSAF advisory ICSA-25-175-01 states that Kaleris NAVIS N4 ULC communicates insecurely using zlib-compressed data over HTTP and that an attacker observing network traffic can extract sensitive information, including plaintext credentials. The advisory lists Kaleris Navis N4 <4.0 as affected and provides fixed versions and mitigations. The supplied timeline shows publication and modification on 2025-06-24, which is the correct CVE/advisory date to use.

Official resources

Publicly disclosed by CISA in CSAF advisory ICSA-25-175-01 on 2025-06-24; the supplied data does not indicate KEV listing.